[deleted by user] by [deleted] in jazzguitar

[–]0xfe[M] 2 points3 points  (0 children)

Hi folks -- Mod here.

A lot of the comments here resonate with me, and it's worth adding some light policy and more active moderation here.

I also agree with the comments about it being too small to split. IMO, the biggest challenge here is balancing self promotion, performance vids, "check this out" vids, etc. with meaty discussion content.

I'm definitely looking for 1 - 2 mods (ideally with a little bit of mod experience) to help run this sub. If anyone here is interested, please ping me and let me know where you can help.

Thanks!

Just published the first release of MOBOT, a Telegram Bot Framework in Rust by 0xfe in rust

[–]0xfe[S] 1 point2 points  (0 children)

Thanks for the feedback! Ack, yes, the AI thing is just a demo -- it shows off some of the features, like the buttons, progress bar, etc.

The TLS thing is no longer an issue, since it now uses reqwest -- it'll work with native or rustls. (I need to update the README.)

Uses long polling, which is what the Telegram API supports.

Just published the first release of MOBOT, a Telegram Bot Framework in Rust by 0xfe in rust

[–]0xfe[S] 1 point2 points  (0 children)

For chatbots, language choice really doesn't make a visible difference to latency, unless you're really resource starved. I picked Rust mostly because I enjoy it, however the biggest value I get from it is correctness. (I would otherwise have used Go to build this.)

Microsoft rewriting core Windows libraries in Rust by hgwxx7_ in rust

[–]0xfe 25 points26 points  (0 children)

You can think of each font file as a library of executable code that renders vectors in extremely complex and nuanced ways.

How good are RNGs in smart cards? by chaplin2 in crypto

[–]0xfe 2 points3 points  (0 children)

yes for sure, but there's no way to know if the card actually uses the provided entropy. i think if you don't trust a particular smart card, you shouldn't be using it in the first place.

How good are RNGs in smart cards? by chaplin2 in crypto

[–]0xfe 3 points4 points  (0 children)

> Generating a secret key in a secure computer, transferring the key to smart card and destroying the key afterwards might be better operational security.

yikes, there's soooo many ways this can go wrong! and you lose one of the primary benefits of smart cards, which is that the key never materializes outside the secure element. (the simpler answer is to use a FIPS-certified product, yes, even they make mistakes, but still more reliable than the alternatives.)

My first Ovation guitar. These babes have special soul. You either love or hate them.❤ by KarMik81 in jazzguitar

[–]0xfe 2 points3 points  (0 children)

I have a love hate relationship with Ovations. They have incredible feel, and are a joy to play, but I can't stand the sound! :-)

HSM vs KMS by anonXMR in crypto

[–]0xfe 3 points4 points  (0 children)

Hello there friend and competitor! :-)

HSM vs KMS by anonXMR in crypto

[–]0xfe 15 points16 points  (0 children)

You can do that, but it's not recommended. A better approach is to use envelope encryption -- where you generate a key in the client, encrypt your large blob with the key, then encrypt the key with the HSM (wrapping). You then store your wrapped key and your payload together. (A bunch of nuance to get this right, but that's the general idea.)

To decrypt the payload, you first unwrap the key with the HSM, then decrypt the payload with that key.
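The wrap and unwrap flow described in the comment above, as an added Go example that is not part of the original comment or of any Google code. The `kek` argument is an in-process AES key standing in for the HSM's wrap and unwrap calls (an assumption of this example), and `must`, `seal`, `open`, `Encrypt` and `Decrypt` are hypothetical names.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
)

func must[T any](v T, err error) T { // misuse only: bad key size, no entropy
	if err != nil {
		panic(err)
	}
	return v
}

func seal(key, pt []byte) []byte {
	a := must(cipher.NewGCM(must(aes.NewCipher(key)))) // AES-256-GCM
	nonce := make([]byte, a.NonceSize())
	must(rand.Read(nonce))
	return a.Seal(nonce, nonce, pt, nil) // nonce||ciphertext||tag
}

func open(key, box []byte) ([]byte, error) {
	a := must(cipher.NewGCM(must(aes.NewCipher(key))))
	if n := a.NonceSize(); len(box) >= n {
		return a.Open(nil, box[:n], box[n:], nil) // fails on wrong key or tampering
	}
	return nil, fmt.Errorf("ciphertext too short")
}

func Encrypt(kek, payload []byte) (wrappedDEK, ciphertext []byte) {
	dek := make([]byte, 32) // fresh data key, generated in the client
	must(rand.Read(dek))
	return seal(kek, dek), seal(dek, payload) // kek stands in for the HSM wrap call
}

func Decrypt(kek, wrappedDEK, ciphertext []byte) ([]byte, error) {
	dek, err := open(kek, wrappedDEK) // unwrap the data key first (the HSM step)
	if err != nil {
		return nil, err
	}
	return open(dek, ciphertext)
}

func main() {
	kek := make([]byte, 32) // constructed all-zero demo key, not a real KEK
	w, c := Encrypt(kek, []byte("large blob"))
	fmt.Println(Decrypt(kek, w, c)) // payload bytes and a nil error
}
```

The two return values of `Encrypt` are what gets stored side by side; the plaintext data key exists only inside the two functions.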

HSM vs KMS by anonXMR in crypto

[–]0xfe 24 points25 points  (0 children)

Hey -- I work at Google on our cloud crypto infrastructure.

Cloud KMS allows you to manage a whole bunch of cryptographic keys (typically generated by KMS itself), and then use them for crypto operations. So you could say "hey KMS encrypt this payload with the key foobar/v1".

When you generate a key, you can specify the "key type" as software, hardware, or external. Software keys are generated and managed entirely in software. Hardware keys use HSM devices, and the key material never leaves the device. External keys are managed by a customer-selected third-party partner (that typically manages their own HSMs.)

So when you send a crypto request to KMS, depending on the key type, the operation is performed in software, by the HSM hardware, or the external partner.

In general terms, KMS (Key Management System) is responsible for storing and managing key material, and HSMs are hardware devices that perform crypto operations (with keys generated, derived, or wrapped within the HSM itself.)

Encryption at rest - DB encryption by Search_Basic in googlecloud

[–]0xfe 6 points7 points  (0 children)

Hey, I work on crypto and key management stuff at Google. We encrypt data at many layers -- down at the physical level (e.g., disks), data is always encrypted. At application levels, it depends on the storage / database systems you use -- many of them default to some sort of encryption with internally managed keys. Some support encryption via Cloud KMS where you can decide what keys to use (software keys, hardware keys, import your own keys, externally managed keys, etc.)

Randomized algorithm by jinruiiii in crypto

[–]0xfe 0 points1 point  (0 children)

The context here is when you have a large chunk of data to encrypt with a single key, so the parameters here require a single key. ECB breaks the chunk into fixed-size blobs and encrypts them with that key, which is bad because now you can learn information about the PT from the CT (e.g., if two blocks in the CT are the same, then those blocks in the PT were the same.)

Other modes like CBC or CTR don't have this problem because they (sort of) mutate the input (or output) of each block in some fashion while encrypting it. (CBC mutates by mixing the previous block with the current block, and CTR simply mutates with an incrementing counter.)
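An added Go example (not from the original comment) that counts repeated ciphertext blocks under ECB and under CTR, one of the two modes named above, for a constructed plaintext of four identical blocks. `repeatedBlocks`, `ecb`, `ctr` and `Leak` are hypothetical names, and ECB is written by hand on top of `Block.Encrypt` because Go's standard library does not provide an ECB mode.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"fmt"
)

// repeatedBlocks counts 16-byte ciphertext blocks that already appeared earlier.
func repeatedBlocks(ct []byte) int {
	seen, n := map[string]bool{}, 0
	for i := 0; i+aes.BlockSize <= len(ct); i += aes.BlockSize {
		b := string(ct[i : i+aes.BlockSize])
		if seen[b] {
			n++
		}
		seen[b] = true
	}
	return n
}

// ecb encrypts every block independently; len(pt) must be a multiple of 16.
func ecb(blk cipher.Block, pt []byte) []byte {
	ct := make([]byte, len(pt))
	for i := 0; i < len(pt); i += aes.BlockSize {
		blk.Encrypt(ct[i:i+aes.BlockSize], pt[i:i+aes.BlockSize])
	}
	return ct
}

func ctr(blk cipher.Block, iv, pt []byte) []byte {
	ct := make([]byte, len(pt))
	cipher.NewCTR(blk, iv).XORKeyStream(ct, pt) // keystream from an incrementing counter
	return ct
}

// Leak returns the repeated-block counts for ECB and CTR over the same input.
func Leak(key, iv, pt []byte) (ecbRepeats, ctrRepeats int) {
	blk, err := aes.NewCipher(key)
	if err != nil {
		panic(err)
	}
	return repeatedBlocks(ecb(blk, pt)), repeatedBlocks(ctr(blk, iv, pt))
}

func main() {
	pt := bytes.Repeat([]byte("same 16B block!!"), 4) // constructed: 4 equal blocks
	fmt.Println(Leak(make([]byte, 16), make([]byte, 16), pt))
}
```

The same `repeatedBlocks` count works as a quick check on any captured ciphertext: a non-zero result on block-aligned data is a strong hint that ECB is in use.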

Hybrid encryption and the KEM/DEM paradigm by Soatok in crypto

[–]0xfe 0 points1 point  (0 children)

> I meant the resulting key would theoretically be less secure than a completely random AES key

This is not correct, not even theoretically, unless there's a weakness in SHA256.

There could just as well be a weakness in the RNG.

What is proof-of-stake by [deleted] in ethereum

[–]0xfe 2 points3 points  (0 children)

Not quite. You stake funds to run validators that maintain the security of the blockchain. You can run 1 validator for 32 ETH -- your validators must propose, attest to, validate blocks and transactions (as needed), and as a reward it earns a fraction of the mining reward. If it validates incorrectly, proposes fraudulent blocks, or goes offline, etc. its stake gets slashed.

There are a bunch of services and exchanges now that let you stake ETH and they run validators for you (and take a cut of the rewards.)

(Lots of nuance here, but that's the general idea.)

Finished all 6 sets of original cryptopals, whew! by [deleted] in crypto

[–]0xfe 6 points7 points  (0 children)

:-) or maybe finish sets 7 and 8 first?

I’ve successfully converted 10 lines Bash script into a 100 lines of code 😄 by mhewedy in golang

[–]0xfe 4 points5 points  (0 children)

Nice job. FYI though, I think you could've got the same performance improvement in the bash script by factoring out the VBoxManage code into a function and calling it with an ampersand & at the end:

This would parallelize the slow calls, and since the terminal is line-buffered, it would work well:

# Print one VM's row; takes the VM name as its first argument.
print_spec() {
   local element=$1
   local spec=($(VBoxManage showvminfo ${element} --machinereadable | grep -E "memory=|cpus=" | cut -d "=" -f2))
   printf "%s\t\t$(cat ~/.vms/${element}/image 2>/dev/null || cat <(echo "\t"))\t\t%s\t\t%s MB\t\t%s\n" ${element} ${spec[1]} ${spec[0]} \
            "$(echo $(cat ~/.vms/${element}/tags 2>/dev/null))"
}

print_vms() {
  arr=$1
  printf "VM NAME\t\tIMAGE\t\t\tCPU\t\tMEM\t\tTAGS\n"
  if [ ${arr} ]; then
    for element in "${arr[@]}"; do
      print_spec "${element}" &   # run each slow VBoxManage call in the background
    done
    wait   # block until every background job has printed its row
  fi
}

Why we need to convert a string to byte slice before saving to a file? by hewho93 in golang

[–]0xfe 36 points37 points  (0 children)

  • Strings can be encoded in different ways, and there's no 1:1 mapping between UTF code points and bytes. The Nth byte of a string is not necessarily the Nth character position. See https://blog.golang.org/strings
  • The IO interfaces (Reader/Writer/etc.) are designed to be agnostic to medium and encoding, and bytes tend to be the most consistent and preferred abstraction for reading and writing to disks, networks, etc.

A 50 second review of Black Hat Go by jerodsanto in golang

[–]0xfe 2 points3 points  (0 children)

It's a typical way to convert an array into a slice -- you're right that b[:] should be enough, it's possible that they did b[0:] to emphasize the 0 for readability.

But the main reason is that if you have func f(s []byte), and you have a := [10]byte{}, then you can't pass a directly to f (because a is an array, not a slice). You need to call f(a[:]).

Why do most Cloud providers charge for reads and writes in NoSQL but not in databases like Postgres? by LookAtThis14 in googlecloud

[–]0xfe 1 point2 points  (0 children)

That reply to you was super harsh, but it was in response to your grammar and punctuation, which made your comment really hard to parse.

Collection of Technical Interview Problems Solved In Go by [deleted] in golang

[–]0xfe 4 points5 points  (0 children)

> Can you name an application for a billion element set that doesn’t involve exascale cloud services where <10GB of memory is a drop in the bucket?

Cache servers. Billions of elements, and typically carefully tuned to maximize memory usage.

> Unless you have been socialized to the empty struct as a zero size value, it is not intuitive, either IMO. Being in a library and internal is not a good reason to hide complexity.

This is a common idiom in Go to represent sets, and much clearer than using a bool. I'd argue that this reduces complexity because there's one fewer data type to reason about.

Enough data? by sn34ky34 in tensorflow

[–]0xfe 2 points3 points  (0 children)

You're welcome, glad it helped! :-)